This automated MR removes usage of SNAPSHOT versions in the first party library dependencies.
Since SNAPSHOT dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
Dependency Information Before the Upgrade
Branch: master
SHA: b654752e9623984448bb6b9f99e5d290e8ba6cd0
Maven: 0.17.0-SNAPSHOT
| Maven Dependencies | Root | provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/ | testing/ |
| --- | --- | --- | --- |
| core-lib-azure | 0.16.0-rc5 | | |
| core-lib-gcp | 0.16.0-rc1 | | |
| os-core-lib-aws | 0.16.0-SNAPSHOT | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | | |
| oqm | 0.15.0 | | |
| os-core-common | 0.15.0 | 0.13.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | | 0.13.0 |
| osm | 0.15.0 | | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.6.7.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 | 2.17.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 | 2.17.1 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.1.19.RELEASE | 5.3.12 | 5.3.12 |
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│  ├─ org.opengroup.osdu.storage-byoc == 0.17.0-SNAPSHOT
│  │  └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│  │     └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│  └─ org.opengroup.osdu.storage-ibm == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│        └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
├─ provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/
│  └─ compliance.compliance == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
└─ testing/
   ├─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.os-core-common == 0.13.0
   │     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │        └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-aws == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.os-core-common == 0.13.0
   │     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │        └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-azure == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
   │     └─ org.opengroup.osdu.os-core-common == 0.13.0
   │        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │           └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-gcp == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
   │     └─ org.opengroup.osdu.os-core-common == 0.13.0
   │        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │           └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-ibm == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.os-core-common == 0.13.0
   │     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │        └─ org.springframework.spring-webmvc == 5.3.12
   └─ org.opengroup.osdu.storage.storage-test-anthos == 0.17.0-SNAPSHOT
      └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
         └─ org.opengroup.osdu.os-core-common == 0.13.0
            └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
               └─ org.springframework.spring-webmvc == 5.3.12
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
   └─ org.opengroup.osdu.storage-azure == 0.17.0-SNAPSHOT
      └─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
         └─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
            └─ org.springframework.spring-webflux == 5.3.12
Dependency Information After the Upgrade
Branch: remove-snapshot-dependencies
SHA: ff7d288f4236b48872b6cdb9d92a50153d98fb61
Maven: 0.17.0-SNAPSHOT
| Maven Dependencies | Root | provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/ | testing/ |
| --- | --- | --- | --- |
| core-lib-azure | 0.16.0-rc5 | | |
| core-lib-gcp | 0.16.0-rc1 | | |
| os-core-lib-aws | 0.16.1 | 0.14.0-rc2 | 0.14.0-rc2 |
| obm | 0.15.0 | | |
| oqm | 0.15.0 | | |
| os-core-common | 0.15.0 | 0.13.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | | 0.13.0 |
| osm | 0.15.0 | | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.6.7.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.13.3 | 2.17.1 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.13.3 | 2.17.1 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.1.19.RELEASE | 5.3.12 | 5.3.12 |
Critical: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│  ├─ org.opengroup.osdu.storage-byoc == 0.17.0-SNAPSHOT
│  │  └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│  │     └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│  └─ org.opengroup.osdu.storage-ibm == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│        └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
├─ provider/storage-aws/src/main/ComplianceTrigger/ComplianceTriggerFunction/ComplianceTriggerFunction/
│  └─ compliance.compliance == 0.17.0-SNAPSHOT
│     └─ org.opengroup.osdu.os-core-common == 0.13.0
│        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│           └─ org.springframework.spring-webmvc == 5.3.12
└─ testing/
   ├─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.os-core-common == 0.13.0
   │     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │        └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-aws == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.os-core-common == 0.13.0
   │     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │        └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-azure == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
   │     └─ org.opengroup.osdu.os-core-common == 0.13.0
   │        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │           └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-gcp == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
   │     └─ org.opengroup.osdu.os-core-common == 0.13.0
   │        └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │           └─ org.springframework.spring-webmvc == 5.3.12
   ├─ org.opengroup.osdu.storage.storage-test-ibm == 0.17.0-SNAPSHOT
   │  └─ org.opengroup.osdu.os-core-common == 0.13.0
   │     └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
   │        └─ org.springframework.spring-webmvc == 5.3.12
   └─ org.opengroup.osdu.storage.storage-test-anthos == 0.17.0-SNAPSHOT
      └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
         └─ org.opengroup.osdu.os-core-common == 0.13.0
            └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
               └─ org.springframework.spring-webmvc == 5.3.12
Critical: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
   └─ org.opengroup.osdu.storage-azure == 0.17.0-SNAPSHOT
      └─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
         └─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
            └─ org.springframework.spring-webflux == 5.3.12